Summary: build: Add extra GCC hardening compilation flags [#650]
Review request for Trac Ticket(s): 650
Peer Reviewer(s): Mathi
Pull request to:
Affected branch(es): default(4.4)
Development branch: default

--------------------------------
Impacted area         Impact y/n
--------------------------------
 Docs                    y
 Build system            y
 RPM/packaging           n
 Configuration files     n
 Startup scripts         n
 SAF services            n
 OpenSAF services        n
 Core libraries          n
 Samples                 n
 Tests                   n
 Other                   n

Comments (indicate scope for each "y" above):
---------------------------------------------

changeset f627d356bf1737c254ac36b2d008c5b787093d21
Author: Anders Widell <anders.wid...@ericsson.com>
Date:   Mon, 09 Dec 2013 12:38:54 +0100

    build: Add extra GCC hardening compilation flags [#650]

    By default, build with the extra hardening flags
    "-D_FORTIFY_SOURCE=2 -fstack-protector" for improved security and
    enhanced run-time error detection. The flags can be overridden by
    setting the environment variable OSAF_HARDEN_FLAGS when building
    OpenSAF.

    Note that -D_FORTIFY_SOURCE=2 is only enabled in optimized builds. To
    reduce the risk that a user accidentally builds without optimization
    by overriding the default CFLAGS and/or CXXFLAGS, the README files
    have been updated to recommend passing preprocessor definitions using
    CPPFLAGS instead of CFLAGS.

Complete diffstat:
------------------
 00-README.conf               |   2 +-
 Makefile.common              |   4 ++--
 README                       |  16 ++++++++++++----
 configure.ac                 |  18 ++++++++++++++++++
 tools/cluster_sim_uml/README |   2 +-
 5 files changed, 34 insertions(+), 8 deletions(-)

Testing Commands:
-----------------
Build OpenSAF in various ways, e.g. with default CFLAGS, and with CFLAGS
that disable optimization.

Testing, Expected Results:
--------------------------
OpenSAF should build and start successfully.

Conditions of Submission:
-------------------------
Ack from Mathi

Arch        Built     Started    Linux distro
-------------------------------------------
mips          n          n
mips64        n          n
x86           n          n
x86_64        y          y
powerpc       n          n
powerpc64     n          n

Reviewer Checklist:
-------------------
[Submitters: make sure that your review doesn't trigger any checkmarks!]

Your checkin has not passed review because (see checked entries):

___ Your RR template is generally incomplete; it has too many blank entries
    that need proper data filled in.
___ You have failed to nominate the proper persons for review and push.
___ Your patches do not have proper short+long header
___ You have grammar/spelling in your header that is unacceptable.
___ You have exceeded a sensible line length in your headers/comments/text.
___ You have failed to put in a proper Trac Ticket # into your commits.
___ You have incorrectly put/left internal data in your comments/files
    (i.e. internal bug tracking tool IDs, product names etc)
___ You have not given any evidence of testing beyond basic build tests.
    Demonstrate some level of runtime or other sanity testing.
___ You have ^M present in some of your files. These have to be removed.
___ You have needlessly changed whitespace or added whitespace crimes
    like trailing spaces, or spaces before tabs.
___ You have mixed real technical changes with whitespace and other
    cosmetic code cleanup changes. These have to be separate commits.
___ You need to refactor your submission into logical chunks; there is
    too much content in a single commit.
___ You have extraneous garbage in your review (merge commits etc)
___ You have giant attachments which should never have been sent;
    instead you should place your content in a public tree to be pulled.
___ You have too many commits attached to an e-mail; resend as threaded
    commits, or place in a public tree for a pull.
___ You have resent this content multiple times without a clear indication
    of what has changed between each re-send.
___ You have failed to adequately and individually address all of the
    comments and change requests that were proposed in the initial review.
___ You have a misconfigured ~/.hgrc file (i.e. username, email etc)
___ Your computer has a badly configured date and time, confusing the
    threaded patch review.
___ Your changes affect IPC mechanism, and you don't present any results
    for in-service upgradability test.
___ Your changes affect user manual and documentation, your patch series
    do not contain the patch that updates the Doxygen manual.
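
A check for the caveat in the commit message above, written as an added example that is not part of the patch or of OpenSAF's build system: given a full compiler flag string, it reports whether the two hardening flags are present and whether an optimization level is left for -D_FORTIFY_SOURCE=2 to act on. The function names and the sample CFLAGS values are assumptions made for illustration.

```shell
# Added example, not OpenSAF code; function names are hypothetical.
# effective_opt FLAG...: GCC honours the last -O option; none means -O0.
effective_opt() {
    opt=0
    for f in "$@"; do
        case "$f" in
            -O)  opt=1 ;;                 # bare -O means -O1
            -O*) opt=${f#-O} ;;
        esac
    done
    echo "$opt"
}

# fortify_requested FLAG...: the last -D/-U of _FORTIFY_SOURCE wins.
fortify_requested() {
    lvl=0
    for f in "$@"; do
        case "$f" in
            -D_FORTIFY_SOURCE)   lvl=1 ;; # a bare -D defines the macro as 1
            -D_FORTIFY_SOURCE=*) lvl=${f#-D_FORTIFY_SOURCE=} ;;
            -U_FORTIFY_SOURCE)   lvl=0 ;;
        esac
    done
    echo "$lvl"
}

# stack_protector_on FLAG...: succeeds if the last such option enables it.
stack_protector_on() {
    sp=no
    for f in "$@"; do
        case "$f" in
            -fno-stack-protector) sp=no ;;
            -fstack-protector*)   sp=yes ;;
        esac
    done
    [ "$sp" = yes ]
}

# hardening_status "FLAGS": one-word verdict for a whole flag string.
hardening_status() {
    set -f; set -- $1; set +f             # split on whitespace, no globbing
    if ! stack_protector_on "$@"; then echo no-stack-protector; return; fi
    if [ "$(fortify_requested "$@")" = 0 ]; then echo no-fortify; return; fi
    if [ "$(effective_opt "$@")" = 0 ]; then echo fortify-inert; return; fi
    echo hardened
}
# Constructed inputs: hardening flags from the commit message + sample CFLAGS.
HARDEN="-D_FORTIFY_SOURCE=2 -fstack-protector"
hardening_status "$HARDEN -O2 -g"         # default-style CFLAGS
hardening_status "$HARDEN -DFOO=1 -g"     # CFLAGS override that dropped -O2
```

The second call shows the case the README change is meant to prevent: a define passed through CFLAGS replaces the default optimization flags, whereas the same define passed through CPPFLAGS would leave them in place.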